My Oracle Support Banner

SSH access on pri-utility-addr of a media interface on VM using Mellanox (MLX) NICs (Doc ID 2818890.1)

Last updated on NOVEMBER 02, 2021

Applies to:

Net-Net OS - Version S-Cz8.3.0 to S-Cz8.4.0 [Release S-Cz8.0]
Information in this document applies to any platform.

Symptoms

SSH is allowed on pri-utility-addr of a media interface, on a VM using specifically the Mellanox (MLX) NICs. If there is a switchover to other node in HA, then at the time, ssh on sec-utility-addr is allowed. Here, no ssh-address is set. This behavior is incorrect and of security concern.

Changes

This issue is observed specifically on VM using Redhat Openstack with Mellanox SRIOV setup. The issue was observed on cz830m1p8A.

Important to note that, there is no 'ssh-address' set for the 'network-interface'.

 

network-interface
                 name                  M00
                 sub-port-id          123
                 description           Media Interface M00:123
                 hostname
                 ip-address            x.x.x.x
                 pri-utility-addr       x.x.x.a <<========= ssh is allowed on IP set as pri-utility-addr
                 sec-utility-addr     x.x.x.b
                 netmask               y.y.y.y
                 gateway               x.x.x.c
                 .
                 .
                 hip-ip-list               x.x.x.x
                 icmp-address        x.x.x.x
                 snmp-address
                 ssh-address                    <<========= No ssh address is set

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.